[WHIT-3020] Fix and backfill preview-token propagation for response forms and cropped images#11555
Open
TonyGDS wants to merge 3 commits into
Open
[WHIT-3020] Fix and backfill preview-token propagation for response forms and cropped images#11555TonyGDS wants to merge 3 commits into
TonyGDS wants to merge 3 commits into
Conversation
EditionAuthBypassUpdater pushed the edition's auth bypass id to file attachments, images and consultation response forms and outcomes, but not to call for evidence response forms or outcome attachments. As a result, generating or regenerating a preview link on a call for evidence never updated its response form asset in Asset Manager. Add update_call_for_evidence_attachments, bringing call for evidence into line with consultations.
TonyGDS
force-pushed
the
whit-3020-backfill-cfe-auth-bypass
branch
from
aa6603c to
c6d23b1
Compare
2 tasks
When a publisher crops (or replaces the file of) an edition image, the update action builds a fresh ImageData and saves it before linking it to the image. At save time the new ImageData has no images, so ImageData#auth_bypass_ids - which walks images to their edition - returns an empty array, and the cropped asset is created in Asset Manager with no auth_bypass_id. The edition's preview link therefore does not grant access to the cropped image, even though the edition carries a token. The create action already works around this by pushing the image onto the new ImageData's images association before saving, so auth_bypass_ids is discoverable. Do the same in the crop branch of the update action.
TonyGDS
force-pushed
the
whit-3020-backfill-cfe-auth-bypass
branch
from
c6d23b1 to
ce3d9c1
Compare
TonyGDS
changed the title
TonyGDS
force-pushed
the
whit-3020-backfill-cfe-auth-bypass
branch
from
ce3d9c1 to
4ccffe7
Compare
The preceding commits fix auth bypass id propagation going forward for call for evidence response forms and cropped images, but existing pre-publication editions already carry an auth_bypass_id whose value was never written to some of their assets in Asset Manager - cropped image assets, and call for evidence response form (and outcome attachment) assets. As a result the preview link for those drafts does not grant access to the affected assets. This data migration propagates each pre-publication edition's existing auth_bypass_id to its image assets, and - for call for evidence - its response form and outcome attachment assets, bringing them into a consistent state before the rest of the preview token work is built on top. It enqueues AssetManagerUpdateAssetJob directly rather than reusing EditionAuthBypassUpdater, because that service regenerates the token (set_auth_bypass_id). Minting a new id would invalidate any preview link publishers have already shared, which is the opposite of what the backfill needs - we want to preserve the existing id and only repair the assets.
TonyGDS
force-pushed
the
whit-3020-backfill-cfe-auth-bypass
branch
from
4ccffe7 to
51b99f2
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Part 1 of 3 for WHIT-3020 (opt-in preview tokens). Base of the stack — #11543 and #11542 build on this.
What
This is the base of the preview-token stack. It fixes two pre-existing gaps where a draft edition's
auth_bypass_idwas never written to some of its assets in Asset Manager — so the preview link did not grant access to them — and then backfills existing drafts into a consistent state.Call for evidence response forms. When a preview link is generated/regenerated, the
auth_bypass_idwas propagated to attachment and image assets, and to consultation response forms, but not to call for evidence response form (or outcome attachment) assets. The fix adds the call for evidence branch toEditionAuthBypassUpdater, mirroring the existing consultation handling.Cropped images. Uploading via the create path already snapshots the token onto new image assets. But cropping/replacing an image builds a fresh
ImageDataand saves it before linking it to the image, soImageData#auth_bypass_ids(which walksimagesto the edition) returns[]and the cropped asset is created token-less. Since single-usage and oversized images are forced through cropping, the displayed asset ended up without the token. The fix links the image before saving, mirroring the create path's existing workaround.Backfill. The fixes above only repair assets going forward. A data migration propagates each pre-publication edition's existing
auth_bypass_idto its image assets, and — for call for evidence — its response form and outcome attachment assets.Why the migration enqueues jobs directly
The migration enqueues
AssetManagerUpdateAssetJobitself rather than reusingEditionAuthBypassUpdater. That service regenerates the token (set_auth_bypass_id) as part of its flow. Minting a new id would invalidate any preview link publishers have already shared, which is the opposite of what the backfill needs — we want to preserve the existing id and only repair the assets.